ABSTRACT

The paper proposes a theoretical approach to the debugging of constraint programs based on a notion of
explanation tree. The proposed approach is an attempt to adapt algorithmic debugging to constraint
programming. In this theoretical framework for domain reduction, explanations are proof trees explaining
value removals. These proof trees are defined by inductive definitions which express the removals of values
as consequences of other value removals. Explanations may be considered as the essence of constraint
programming. They are a declarative view of the computation trace. The diagnosis consists in locating an
error in an explanation rooted by a symptom.

KEYWORDS: declarative diagnosis; algorithmic debugging; CSP; local consistency operator; fix-point; closure;
inductive definition

1 Introduction 

Declarative diagnosis [Sha82] (also known as algorithmic debugging) has been successfully used in
different programming paradigms (e.g. in logic programming [Sha82], in functional programming
[FN94]). Declarative means that the user has no need to consider the computational behavior of the
programming system; he only needs a declarative knowledge of the expected properties of the program.
This paper is an attempt to adapt declarative diagnosis to constraint programming thanks to
a notion of proof tree called explanation.

Constraint programs are not easy to debug because they are not algorithmic programs [Mei95]
and tracing techniques are limited in usefulness. Moreover it would be incongruous to use only low
level debugging tools whereas for these languages the emphasis is on declarative semantics. Here
we are interested in a wide field of constraint programming: finite domains and propagation.

The aim of constraint programming is to solve Constraint Satisfaction Problems (CSP) [Tsa93],
that is to provide an instantiation of the variables which is a solution of the constraints. The solver
goes towards the solutions combining two different methods. The first one (labeling) consists in
partitioning the domains. The second one (domain reduction) reduces the domains by eliminating some
values which cannot be correct according to the constraints. In general, labeling alone is very
expensive and domain reduction only provides a superset of the solutions. Solvers use a combination
of these two methods until they obtain singleton domains and test them.

The formalism of domain reduction given in the paper is well-suited to define explanations for
the basic events which are "the withdrawal of a value from a domain". The constraint community is
interested in explanations (or nogoods). An explanation is roughly a set of constraints responsible
for a value withdrawal: domain reduction by this set of constraints, or any super-set of it, will
always remove this value. The notions of explanations seem to be an interesting answer to constraint
retraction problems. They have been used and proved useful in many applications such as: dynamic
constraint satisfaction problems, over-constrained problems, dynamic backtracking, ... For example,
it has been used for failure analysis in [JO01] and, in the framework of configuration problems, in
[AFM02, FFJS00]. See http://www.e-constraints.net for more details. [FLT02] details our formalism
and our definition of explanation. It has already permitted to prove the correctness of a large family
of constraint retraction algorithms [DFJ+03]. Here an application to debugging is presented. There
already exists another explanation tree notion defined in [FLW00] but it explains solutions obtained
by inference in a particular case. In [FLW00] the problem is assumed to have only one solution and
the resolution of the problem must not require any search. The inference rules used to build
explanations are defined thanks to cliques of disequalities. The introduction of labeling in our formalism
has already been proposed in [Les02]. But this introduction complicates the formalism and is not really
necessary here because it leads to no conceptual difficulties (labeling can be considered as additional
constraints). The explanations defined in the paper provide us with a declarative view of the
computation and their tree structure is used to adapt algorithmic debugging to constraint programming.

From an intuitive viewpoint, we call symptom the appearance of an anomaly during the execution 
of a program. An anomaly is relative to some expected properties of the program, here to an expected 
semantics. For example, a symptom can be a wrong answer or a missing answer. This paper focuses on 
the missing answers. Symptoms are caused by erroneous constraints. Strictly speaking, the localization 
of an erroneous constraint, when a symptom is given, is error diagnosis. It amounts to search for a 
kind of minimal symptom in the explanation tree. For our declarative diagnosis approach, the input 
of a system must include at least (1) the actual program, (2) the symptom and (3) a knowledge of the 
expected semantics. This knowledge can be given by the programmer during the diagnosis session or 
it can be specified by other means but, from a conceptual viewpoint, this knowledge is given by an 
oracle. 

We are inspired by GNU-Prolog [DC00], a constraint programming language over finite domains,
because its glass-box approach allows a good understanding of the links between the constraints and
the rules used to build explanations. But this work applies to all solvers over finite domains using
propagation whatever the local consistency notion used.

Section 2 defines the basic notions of CSP and program. In section 3 symptoms and errors are
described in this framework. Section 4 defines explanations. An algorithm for error diagnosis of
missing answers is proposed in section 5.

2 Preliminary notations and definitions 

Our framework uses families instead of cartesian products because it leads to lighter notations. In- 
deed, the notion of monotonic operators and least or greatest fixpoints are easier in a set theoretical 
framework where the order is the set inclusion. 

2.1 Notations 

Let us assume fixed: 

• a finite set of variable symbols V; 
• a family $(D_x)_{x \in V}$ where each $D_x$ is a finite non empty set; $D_x$ is the domain of the variable $x$.

We are going to consider various families $f = (f_i)_{i \in I}$. Such a family can be identified with the
function $i \mapsto f_i$, itself identified with the set $\{(i, f_i) \mid i \in I\}$.

In order to have simple and uniform definitions of monotonic operators on a power-set, we use
a set which is similar to an Herbrand base in logic programming: we define the domain by
$\mathbb{D} = \bigcup_{x \in V} (\{x\} \times D_x)$, i.e. $\mathbb{D}$ is the set of all possible pairs of a variable and its value.

A subset $d$ of $\mathbb{D}$ is called an environment. We denote by $d|_W$ the restriction of $d$ to a set of variables
$W \subseteq V$, that is, $d|_W = \{(x, e) \in d \mid x \in W\}$. Note that, with $d, d' \subseteq \mathbb{D}$, $d = \bigcup_{x \in V} d|_{\{x\}}$ and
$(d \subseteq d' \Leftrightarrow \forall x \in V, d|_{\{x\}} \subseteq d'|_{\{x\}})$.

A tuple (or valuation) $t$ is a particular environment such that each variable appears only once:
$t \subseteq \mathbb{D}$ and $\forall x \in V, \exists e \in D_x, t|_{\{x\}} = \{(x, e)\}$. A tuple $t$ on a set of variables $W \subseteq V$ is defined by
$t \subseteq \mathbb{D}|_W$ and $\forall x \in W, \exists e \in D_x, t|_{\{x\}} = \{(x, e)\}$.

2.2 Constraint Satisfaction Problem 

A Constraint Satisfaction Problem (CSP) on $(V, \mathbb{D})$ is made of:

• a finite set of constraint symbols $C$;

• a function $\mathrm{var} : C \to \mathcal{P}(V)$, which associates with each constraint symbol the set of variables of
the constraint;

• a family $(T_c)_{c \in C}$ such that: for each $c \in C$, $T_c$ is a set of tuples on $\mathrm{var}(c)$; $T_c$ is the set of solutions
of $c$.

From now on, we assume fixed a CSP $(C, \mathrm{var}, (T_c)_{c \in C})$ on $(V, \mathbb{D})$.

Definition 1 A tuple $t$ is a solution of the CSP if $\forall c \in C, t|_{\mathrm{var}(c)} \in T_c$. We denote by Sol its set of solutions.

Example 1 The conference problem [JO01]

Michael, Peter and Alan are organizing a two-day seminar for writing a report on their work. In order 
to be efficient, Peter and Alan need to present their work to Michael and Michael needs to present 
his work to Alan and Peter. So there are four variables, one for each presentation: Michael to Peter 
(MP), Peter to Michael (PM), Michael to Alan (MA) and Alan to Michael (AM). Those presentations 
are scheduled for a whole half-day each. Thus the domains of the variables are {1,2,3,4}, each 
value standing for a half-day. 

Michael wants to know what Peter and Alan have done before presenting his own work (MA > AM,
MA > PM, MP > AM, MP > PM). Moreover, Michael would prefer not to come the afternoon of the
second half-day because he has got a very long ride home (MA ≠ 4, MP ≠ 4, AM ≠ 4, PM ≠ 4).
Finally, note that Peter and Alan cannot present their work to Michael at the same time (AM ≠ PM).
The solutions of this problem are:

{(AM,2),(MA,3),(MP,3),(PM,1)} and {(AM,1),(MA,3),(MP,3),(PM,2)}.

The set of constraints can be written in GNU-Prolog [DC00] as:

    conf(AM, MP, PM, MA) :-
        fd_domain([MP, PM, MA, AM], 1, 4),
        MA #> AM, MA #> PM, MP #> AM, MP #> PM,
        MA #\= 4, MP #\= 4, AM #\= 4, PM #\= 4,
        AM #\= PM.
2.3 Constraint Satisfaction Program

A program is used to solve a CSP (i.e. to find the solutions) thanks to domain reduction and labeling.
Labeling can be considered as additional constraints, so we concentrate on the domain reduction.
The main idea is quite simple: to remove from the current environment some values which cannot
participate in any solution of some constraints, thus of the CSP. These removals are closely related to
a notion of local consistency. This can be formalized by local consistency operators.

Definition 2 A local consistency operator $r$ is a monotonic function $r : \mathcal{P}(\mathbb{D}) \to \mathcal{P}(\mathbb{D})$.

Example 2 The GNU-Prolog solver uses local consistency operators following the X in r scheme
[CD96]: for example, AM in 0..max(MA)-1. It means that the values of AM must be between 0
and the maximal value of the environment of MA minus 1.

As we want a contracting operator (i.e. $r(d) \subseteq d$) to reduce the environment, next we will also
consider $d \mapsto d \cap r(d)$. But in general, the local consistency operators are not contracting functions,
as shown later to define their dual operators.

A program on $(V, \mathbb{D})$ is a set $R$ of local consistency operators.

Example 3 Following the X in r scheme [CD96], the GNU-Prolog conference problem is implemented
by the following program:

    AM in 1..4, MA in 1..4, PM in 1..4, MP in 1..4,
    MA in min(AM)+1..infinity, AM in 0..max(MA)-1,
    MA in min(PM)+1..infinity, PM in 0..max(MA)-1,
    MP in min(AM)+1..infinity, AM in 0..max(MP)-1,
    MP in min(PM)+1..infinity, PM in 0..max(MP)-1,
    MA in -{4}, AM in -{4}, PM in -{4}, MP in -{4},
    AM in -{val(PM)}, PM in -{val(AM)}.

The operator $r$ which corresponds to X in -{val(Y)} is defined by: if $d|_{\{Y\}}$ is a singleton set then
$r(d) = \mathbb{D} \setminus d|_{\{Y\}}$ else $r(d) = \mathbb{D}$.

From now on, we assume fixed a program $R$ on $(V, \mathbb{D})$.

We are interested in particular environments: the common fix-points of the reduction operators
$d \mapsto d \cap r(d)$, $r \in R$. Such an environment $d'$ verifies $\forall r \in R, d' = d' \cap r(d')$, that is, values cannot be
removed according to the operators.

Definition 3 Let $r \in R$. We say an environment $d$ is $r$-consistent if $d \subseteq r(d)$.
We say an environment $d$ is $R$-consistent if $\forall r \in R$, $d$ is $r$-consistent.

Domain reduction from a domain $d$ by $R$ amounts to computing the greatest fix-point of $d$ by $R$.

Definition 4 The downward closure of $d$ by $R$, denoted by $\mathrm{CL}\downarrow(d, R)$, is the greatest $d' \subseteq \mathbb{D}$ such that
$d' \subseteq d$ and $d'$ is $R$-consistent.

In general, we are interested in the closure of $\mathbb{D}$ by $R$ (the computation starts from $\mathbb{D}$), but
sometimes we would like to express closures of subsets of $\mathbb{D}$ (environments, tuples), for example to take
into account dynamic aspects or labeling.

Example 4 The closure of the GNU-Prolog program is:

{(AM,1),(AM,2),(MA,2),(MA,3),(MP,2),(MP,3),(PM,1),(PM,2)}.

It can be computed by a chaotic iteration [FFS95, FLT02], but the details about the computation are
not in the scope of the paper.

By definition 4, since $d \subseteq \mathbb{D}$:

Lemma 1 If $d$ is $R$-consistent then $d \subseteq \mathrm{CL}\downarrow(\mathbb{D}, R)$.
2.4 Links between CSP and program

Of course, the program is linked to the CSP. The operators are chosen to "implement" the CSP. In 
practice, this correspondence is expressed by the fact that the program is able to test any valuation. 
That is, if all the variables are bounded, the program should be able to answer to the question: "is 
this valuation a solution of the CSP ?". 

Definition 5 A local consistency operator $r$ preserves the solutions of a set of constraints $C'$ if, for each
tuple $t$, $(\forall c \in C', t|_{\mathrm{var}(c)} \in T_c) \Rightarrow t$ is $r$-consistent.

In particular, if $C'$ is the set of constraints $C$ of the CSP then we say $r$ preserves the solutions of
the CSP.

In the well-known case of arc-consistency, a set of local consistency operators $R_c$ is chosen to
implement each constraint $c$ of the CSP. Of course, each $r \in R_c$ preserves the solutions of $\{c\}$. It is
easy to prove that if $r$ preserves the solutions of $C'$ and $C' \subseteq C''$, then $r$ preserves the solutions of $C''$.
Therefore $\forall r \in R_c$, $r$ preserves the solutions of the CSP.

Note that an operator may be associated with several constraints, e.g. with path-consistency. 

To preserve solutions is a correctness property of operators. A notion of completeness is used to
choose the set of operators "implementing" a CSP. It ensures that valuations which are not solutions
of constraints are rejected. But this notion is not necessary for our purpose. Indeed, we are only
interested in the debugging of missing answers, that is in locating a wrong local consistency operator
(i.e. constraints removing too many values).

In the following lemmas, we consider $S \subseteq Sol$, that is $S$ a set of solutions of the CSP, and $\bigcup S$
($= \bigcup_{t \in S} t$) its projection on $\mathbb{D}$.

Lemma 2 Let $S \subseteq Sol$; if $r$ preserves the solutions of the CSP then $\bigcup S$ is $r$-consistent.

Proof. $\forall t \in S, t \subseteq r(t)$ so $\bigcup S \subseteq \bigcup_{t \in S} r(t)$. Now, $\forall t \in S, t \subseteq \bigcup S$ so $\forall t \in S, r(t) \subseteq r(\bigcup S)$.

Extending definition 5, we say $R$ preserves the solutions of $C'$ if for each $r \in R$, $r$ preserves the
solutions of $C'$.

From now on, we consider that the fixed program $R$ preserves the solutions of the fixed CSP.

Lemma 3 If $S \subseteq Sol$ then $\bigcup S \subseteq \mathrm{CL}\downarrow(\mathbb{D}, R)$.

Proof. By lemmas 1 and 2.

Finally, the following corollary emphasizes the link between the CSP and the program. 

Corollary 1 $\bigcup Sol \subseteq \mathrm{CL}\downarrow(\mathbb{D}, R)$.

The downward closure is a superset (an "approximation") of $\bigcup Sol$ which is itself the projection
(an "approximation") of Sol. But the downward closure is the most accurate set which can be
computed using a set of local consistency operators in the framework of domain reduction without
splitting the domain (without search tree).

3 Expected Semantics 

To debug a constraint program, the programmer must have a knowledge of the problem. If he does 
not have such a knowledge, he cannot say something is wrong in his program! Because constraint 
programming activity is declarative, this knowledge is declarative. 
3.1 Correctness of a CSP

At first, the expected semantics of the CSP is considered as a set of tuples: the expected solutions. Note 
that the only relation between the fixed CSP and the fixed program R is that R preserves the solutions 
of the CSP. Next definition is motivated by the debugging of missing answer. 

Definition 6 Let $S$ be a set of tuples. The CSP is correct wrt $S$ if $S \subseteq Sol$.

Note that if the user exactly knows $S$ then it could be sufficient to test each tuple of $S$ on each local
consistency operator or constraint. But in practice, the user only needs to know some members of $\bigcup S$
and some members of $\mathbb{D} \setminus \bigcup S$. We consider the expected environment $\bigcup S$, that is the approximation
of $S$.

By lemma 2:

Lemma 4 If the CSP is correct wrt a set of tuples $S$ then $\bigcup S$ is $R$-consistent.

3.2 Symptom and Error 

From the notion of expected environment, we can define a notion of symptom. A symptom empha- 
sizes a difference between what is expected and what is actually computed. 

Definition 7 $h \in \mathbb{D}$ is a symptom wrt an expected environment $d$ if $h \in d \setminus \mathrm{CL}\downarrow(\mathbb{D}, R)$.

It is important to note that here a symptom is a symptom of missing solution (an expected member
of $\mathbb{D}$ is not in the closure).

Example 5 From now on, let us consider the new following CSP in GNU-Prolog:

    conf(AM, MP, PM, MA) :-
        fd_domain([MP, PM, MA, AM], 1, 4),
        MA #> AM, MA #> PM, MP #> AM, PM #> MP,
        MA #\= 4, MP #\= 4, AM #\= 4, PM #\= 4,
        AM #\= PM.

As we know, a solution of the conference problem contains (AM,1). But, the execution provides an 
empty closure. So, in particular, (AM,1) has been removed. Thus, (AM,1) is a symptom. 

Definition 8 $R$ is approximately correct wrt $d$ if $d \subseteq \mathrm{CL}\downarrow(\mathbb{D}, R)$.

Note that "$R$ is approximately correct wrt $d$" is equivalent to "there is no symptom wrt $d$". By this
definition and lemma 1 we have:

Lemma 5 If $d$ is $R$-consistent then $R$ is approximately correct wrt $d$.

In other words, if $d$ is $R$-consistent then there is no symptom wrt $d$. But our purpose is debugging
(and not program validation), so:

Corollary 2 Let $S$ be a set of expected tuples. If $R$ is not approximately correct wrt $\bigcup S$ then $\bigcup S$ is not
$R$-consistent, thus the CSP is not correct wrt $S$.

The lack of an expected value is caused by an error in the program, more precisely a local
consistency operator. If an environment $d$ is not $R$-consistent, then there exists an operator $r \in R$ such that
$d$ is not $r$-consistent.

Definition 9 A local consistency operator $r \in R$ is an erroneous operator wrt $d$ if $d \not\subseteq r(d)$.

Note that "$d$ is $R$-consistent" is equivalent to "there is no erroneous operator wrt $d$ in $R$".

Theorem 1 If there exists a symptom wrt d then there exists an erroneous operator wrt d (the converse does 
not hold). 

When the program is $R = \bigcup_{c \in C} R_c$ with each $R_c$ a set of local consistency operators preserving
the solutions of $c$, if $r \in R_c$ is an erroneous operator wrt $\bigcup S$ then it is possible to say that $c$ is an
erroneous constraint. Indeed, there exists a value $(x, e) \in \bigcup S \setminus r(\bigcup S)$, that is there exists $t \in S$ such
that $(x, e) \in t \setminus r(t)$. So $t$ is not $r$-consistent, so $t|_{\mathrm{var}(c)} \notin T_c$, i.e. $c$ rejects an expected solution.

4 Explanations 

The previous theorem shows that when there exists a symptom there exists an erroneous operator.
The goal of error diagnosis is to locate such an operator from a symptom. To this aim we now define
explanations of value removals. An explanation is a proof tree of a value removal ([FLT02] gives more
details about explanations). If a value has been wrongly removed then there is something wrong in
the proof of its removal, that is in its explanation.

4.1 Explanations 

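First we need some notations. Let $\overline{d} = \mathbb{D} \setminus d$. In order to help the understanding, we always use the
notation $\overline{d}$ for a subset of $\mathbb{D}$ if intuitively it denotes a set of removed values.

Definition 10 Let $r$ be an operator; we denote by $\widetilde{r}$ the dual of $r$ defined by: $\forall d \subseteq \mathbb{D}, \widetilde{r}(\overline{d}) = \overline{r(d)}$.

Definition 10 provides a dual view of domain reduction: instead of speaking about values that
are kept in the environments, this dual view considers the values removed from the environments.
We consider the set of dual operators of $R$: let $\widetilde{R} = \{\widetilde{r} \mid r \in R\}$.

Definition 11 The upward closure of $\overline{d}$ by $\widetilde{R}$, denoted by $\mathrm{CL}\uparrow(\overline{d}, \widetilde{R})$, exists and is the least $\overline{d'}$ such that
$\overline{d} \subseteq \overline{d'}$ and $\forall r \in R, \widetilde{r}(\overline{d'}) \subseteq \overline{d'}$.

Next lemma establishes the correspondence between downward closure of local consistency
operators and upward closure of their duals.

Lemma 6 $\mathrm{CL}\uparrow(\overline{d}, \widetilde{R}) = \overline{\mathrm{CL}\downarrow(d, R)}$.

Proof. $\mathrm{CL}\uparrow(\overline{d}, \widetilde{R}) = \min\{\overline{d'} \mid \overline{d} \subseteq \overline{d'}, \forall \widetilde{r} \in \widetilde{R}, \widetilde{r}(\overline{d'}) \subseteq \overline{d'}\}$
$= \min\{\overline{d'} \mid d' \subseteq d, \forall r \in R, d' \subseteq r(d')\}$
$= \overline{\max\{d' \mid d' \subseteq d, \forall r \in R, d' \subseteq r(d')\}}$

In particular, $\mathrm{CL}\uparrow(\emptyset, \widetilde{R}) = \overline{\mathrm{CL}\downarrow(\mathbb{D}, R)}$ is the set of values removed by the program during the
computation.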

Now, we associate rules in the sense of [Acz77] with these dual operators. These rules are natural
to build the complement of an environment and well suited to provide proof trees of value
removals.

Definition 12 A deduction rule is a rule $h \leftarrow B$ such that $h \in \mathbb{D}$ and $B \subseteq \mathbb{D}$.

Intuitively, a deduction rule $h \leftarrow B$ can be understood as follows: if all the elements of $B$ are
removed from the environment, then $h$ can be removed.

A very simple case is arc-consistency where $B$ corresponds to the well-known notion of support
of $h$. But in general (even for hyper arc-consistency) the rules are more intricate. Note that these rules
are only a theoretical tool to define explanations and to justify the error diagnosis method. But in
practice, this set does not need to be given. The rules are hidden in the algorithms which implement
the solver.

Figure 1: An explanation for (AM,1)

For each operator $r \in R$, we denote by $\mathcal{R}_r$ a set of deduction rules which defines $\widetilde{r}$, that is, $\mathcal{R}_r$
is such that: $\widetilde{r}(\overline{d}) = \{h \in \mathbb{D} \mid \exists B \subseteq \overline{d}, h \leftarrow B \in \mathcal{R}_r\}$. For each operator, this set of deduction
rules exists. There possibly exist many such sets, but for classical notions of local consistency one
is always natural [FLT02]. The deduction rules clearly appear inside the algorithms of the solver. In
[AM99] the proposed solver is directly something similar to the set of rules (it is not exactly a set of
deduction rules because the heads of the rules do not have the same shape as the elements of the
body).

Example 6 With the GNU-Prolog operator AM in 0..max(MA)-1 are associated the deduction
rules (considering that the domains of the variables are {1, 2, 3, 4}):

    (AM,1) ← (MA,2), (MA,3), (MA,4)
    (AM,2) ← (MA,3), (MA,4)
    (AM,3) ← (MA,4)
    (AM,4) ←

Indeed, for the first one, the value 1 is removed from the environment of AM only when the values 2,
3 and 4 are not in the environment of MA.

With the deduction rules, we have a notion of proof tree [Acz77]. We consider the set of all the
deduction rules for all the local consistency operators of $R$: let $\mathcal{R} = \bigcup_{r \in R} \mathcal{R}_r$.

We denote by cons(h, T) the tree defined by: h is the label of its root and T the set of its sub-trees.
The label of the root of a tree t is denoted by root(t).

Definition 13 An explanation is a proof tree cons(h, T) with respect to $\mathcal{R}$; it is inductively defined by: T is
a set of explanations with respect to $\mathcal{R}$ and $(h \leftarrow \{\mathrm{root}(t) \mid t \in T\}) \in \mathcal{R}$.

Example 7 The explanation of figure 1 is an explanation for (AM,1). Note that the root (AM,1) of the
explanation is linked to its children by the deduction rule (AM,1) ← (MA,2), (MA,3), (MA,4). Here to
help understanding, since each rule is associated with an operator which is itself associated with a
constraint (arc-consistency case), the constraint is written at the right of the rule.

Finally we prove that the elements removed from the domain are the roots of the explanations. 

Theorem 2 $\overline{\mathrm{CL}\downarrow(\mathbb{D}, R)}$ is the set of the roots of explanations with respect to $\mathcal{R}$.

Proof. Let $E$ be the set of the roots of explanations wrt $\mathcal{R}$. By induction on explanations
$E \subseteq \min\{\overline{d} \mid \forall \widetilde{r} \in \widetilde{R}, \widetilde{r}(\overline{d}) \subseteq \overline{d}\}$. It is easy to check that $\widetilde{r}(E) \subseteq E$. Hence,
$\min\{\overline{d} \mid \forall \widetilde{r} \in \widetilde{R}, \widetilde{r}(\overline{d}) \subseteq \overline{d}\} \subseteq E$. So $E = \mathrm{CL}\uparrow(\emptyset, \widetilde{R})$.

In [FLT02] there is a more general result which establishes the link between the closure of an
environment $d$ and the roots of explanations of $\mathcal{R} \cup \{h \leftarrow \emptyset \mid h \in \overline{d}\}$. But here, to be lighter, the
previous theorem is sufficient because we do not consider dynamic aspects. All the results are easily
adaptable when the starting environment is $d \subset \mathbb{D}$.

4.2 Computed explanations

Note that for error diagnosis, we only need a program, an expected semantics, a symptom and an
explanation for this symptom. Iterations are briefly mentioned here only to understand how
explanations are computed in concrete terms, as in the PaLM system [JB00]. For more details see [FLT02].

$\mathrm{CL}\downarrow(\mathbb{D}, R)$ can be computed by chaotic iterations introduced for this aim in [FFS95].

The principle of a chaotic iteration [Apt99] is to apply the operators one after the other in a "fair"
way, that is such that no operator is forgotten. In practice this can be implemented thanks to a
propagation queue. Since $\subseteq$ is a well-founded ordering (i.e. $\mathbb{D}$ is a finite set), every chaotic iteration is
stationary. The well-known result of confluence [CC77, FFS95] ensures that the limit of every chaotic
iteration of the set of local consistency operators $R$ is the downward closure of $\mathbb{D}$ by $R$. So in practice
the computation ends when a common fix-point is reached. Moreover, implementations of solvers
use various strategies in order to determine the order of invocation of the operators. These strategies
are used to optimize the computation, but this is out of the scope of this paper.

We are interested in the explanations which are "computed" by chaotic iterations, that is the
explanations which can be deduced from the computation of the closure. A chaotic iteration amounts
to applying operators one after the other, that is to applying sets of deduction rules one after another. So, the
idea of the incremental algorithm [FLT02] is the following: each time an element $h$ is removed from
the environment by a deduction rule $h \leftarrow B$, an explanation is built. Its root is $h$ and its sub-trees are
the explanations rooted by the elements of $B$.

Note that the chaotic iteration can be seen as the trace of the computation, whereas the computed 
explanations are a declarative vision of it. 

The important result is that $\overline{\mathrm{CL}\downarrow(\mathbb{D}, R)}$ is the set of roots of computed explanations. Thus, since a
symptom belongs to $\overline{\mathrm{CL}\downarrow(\mathbb{D}, R)}$, there always exists a computed explanation for each symptom.

5 Error Diagnosis 

If there exists a symptom then there exists an erroneous operator. Moreover, for each symptom an 
explanation can be obtained from the computation. This section describes how to locate an erroneous 
operator from a symptom and its explanation. 

5.1 From Symptom to Error 

Definition 14 A rule $h \leftarrow B \in \mathcal{R}_r$ is an erroneous rule wrt $d$ if $B \cap d = \emptyset$ and $h \in d$.

Intuitively, an erroneous rule $h \leftarrow B$ can be understood as follows: all the elements of $B$ can be
removed from the environment, but $h$ should not be removed.

It is easy to prove that $r$ is an erroneous operator wrt $d$ if and only if there exists an erroneous
rule $h \leftarrow B \in \mathcal{R}_r$ wrt $d$. Consequently, theorem 1 can be extended into the next lemma.

Lemma 7 If there exists a symptom wrt d then there exists an erroneous rule wrt d. 

We say a node of an explanation is a symptom wrt $d$ if its label is a symptom wrt $d$. Since, for
each symptom $h$, there exists an explanation whose root is labeled by $h$, it is possible to deal with
minimality according to the relation parent/child in an explanation.

Definition 15 A symptom is minimal wrt $d$ if none of its children is a symptom wrt $d$.

Note that if $h$ is a minimal symptom wrt $d$ then $h \in d$ and the set of its children $B$ is such that
$B \subseteq \overline{d}$. In other words $h \leftarrow B$ is an erroneous rule wrt $d$.

Theorem 3 In an explanation rooted by a symptom wrt $d$, there exists at least one minimal symptom wrt $d$
and the rule which links the minimal symptom to its children is an erroneous rule.

Proof. Since explanations are finite trees, the relation parent/child is well-founded.

To sum up, with a minimal symptom is associated an erroneous rule, itself associated with an 
erroneous operator. Moreover, an operator is associated with a constraint (e.g. the usual case of hyper 
arc-consistency), or a set of constraints. Consequently, the search for some erroneous constraints in 
the CSP can be done by the search for a minimal symptom in an explanation rooted by a symptom. 

5.2 Diagnosis Algorithms 

Let $(x, e)$ be a symptom. Let $E$ be the computed explanation of $(x, e)$. The aim is to find a minimal
symptom in $E$.

A quite simple error diagnosis algorithm for the symptom $(x, e)$ is to ask the user questions
such as: "is $(y, f)$ expected?" (i.e. is this removal an anomaly?) until a minimal symptom is located.

Note that different strategies can be used. For example, the "divide and conquer" strategy: if $n$ is
the number of nodes of $E$ then the number of questions is $O(\log(n))$, that is not much according to
the size of the explanation and so not very much compared to the size of the iteration.

Example 8 Let us consider the GNU-Prolog CSP of example 5. Recall that its closure is
empty whereas the user expects (AM,1) to belong to a solution. Let the explanation of figure 1 be the
computed explanation of (AM,1). A diagnosis session can then be done using this explanation to find
the erroneous operator or constraint of the CSP.

Following the "divide and conquer" strategy, the first question is: "Is (MA,3) a symptom?". According
to the conference problem, the knowledge on MA is that Michael wants to know other works before
presenting his own work (that is MA>2) and Michael cannot stay the last half-day (that is MA is not 4).
Then, the user's answer is: yes.

The second question is: "Is (PM,2) a symptom?". According to the conference problem, Michael wants
to know what Peter has done before presenting his own work to Alan, so the user considers that
(PM,2) belongs to the expected environment: the answer is yes.

The third question is: "Is (MP,1) a symptom?". This means that Michael presents his work to Peter
before Peter presents his work to him. This contradicts the conference problem: the user answers
no.

So, (PM,2) is a minimal symptom and the rule (PM,2) ← (MP,1) is an erroneous one. This rule
is associated with the operator PM in min(MP)+1..infinity, associated with the constraint
PM>MP. Indeed, "Michael wants to know what Peter has done before presenting his own work" would
be written PM<MP.

Note that the user has to answer only three questions whereas the explanation contains eight
nodes, and there are sixteen removed values and eighteen operators for this problem. There exist other
strategies not detailed here and "divide and conquer" is always a good strategy in practice (about
log(number of nodes) questions). So, declarative diagnosis seems an efficient way to find an error.

Note that it is not necessary for the user to exactly know the set of solutions, nor a precise
approximation of them. The expected semantics is theoretically considered as a partition of $\mathbb{D}$: the elements
which are expected and the elements which are not. For the error diagnosis, the oracle only has
to answer some questions (he has to reveal step by step a part of the expected semantics). The
expected semantics can then be considered as three sets: a set of elements which are expected, a set
of elements which are not expected and some other elements for which the user does not know. It is
only necessary for the user to answer the questions.

It is also possible to consider that the user does not answer some questions, but in this case
there is no guarantee to find an error [TF00]. Without such a tool, the user is in front of a chaotic
iteration, that is a wide list of events. In these conditions, it seems easier to find an error in the code
of the program than to find an error in this wide trace. Even if the user is not able to answer the
questions, he has an explanation for the symptom which contains a subset of the CSP constraints.
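
The notions of sections 4 and 5 (deduction rules, computed explanations, minimal symptoms) run on the
conference problem, as an added example that is not code from the paper or from GNU-Prolog. The function
names, the rule-firing order and the use of the two solutions of Example 1 as the oracle are assumptions
made here; it also goes slightly beyond the session of Example 8 by returning every minimal symptom
reachable from the root instead of stopping at the first one.

```python
from itertools import product

VARS, VALUES = ("AM", "MA", "MP", "PM"), (1, 2, 3, 4)
D = set(product(VARS, VALUES))      # all (variable, value) pairs

def conference(x4, y4):
    """Constraints of the conference problem; the fourth one is x4 #> y4
    (MP #> PM in Example 1, PM #> MP in the faulty CSP of Example 5)."""
    gt, ne = (lambda a, b: a > b), (lambda a, b: a != b)
    cs = [("MA>AM", "MA", "AM", gt), ("MA>PM", "MA", "PM", gt),
          ("MP>AM", "MP", "AM", gt), (f"{x4}>{y4}", x4, y4, gt)]
    cs += [(f"{x}!=4", x, None, None) for x in ("MA", "MP", "AM", "PM")]
    return cs + [("AM!=PM", "AM", "PM", ne)]

def deduction_rules(constraints):
    """Rules h <- B in the arc-consistency case: B is the support of h, so h
    can be removed once every value of B has been removed."""
    rules = []
    for name, x, y, pred in constraints:
        if y is None:                               # x #\= 4 gives (x,4) <- {}
            rules.append(((x, 4), (), name))
            continue
        for a in VALUES:
            rules.append(((x, a), tuple((y, b) for b in VALUES if pred(a, b)), name))
        for b in VALUES:
            rules.append(((y, b), tuple((x, a) for a in VALUES if pred(a, b)), name))
    return rules

def propagate(rules):
    """Chaotic iteration over the dual operators. Returns the removed values,
    each mapped to (body, constraint) of the rule that removed it, i.e. its
    computed explanation. Strategy (an assumption of this example): fire the
    first applicable rule in program order, then rescan from the start."""
    expl = {}
    fired = True
    while fired:
        fired = False
        for head, body, name in rules:
            if head not in expl and all(b in expl for b in body):
                expl[head] = (body, name)
                fired = True
                break
    return expl

def closure(constraints):
    """Downward closure of D: the values that are never removed."""
    return D - set(propagate(deduction_rules(constraints)))

def tree_size(h, expl):
    """Number of nodes of the explanation tree rooted at h."""
    return 1 + sum(tree_size(b, expl) for b in expl[h][0])

def diagnose(h, expl, expected):
    """Descend from the symptom h through the children that are symptoms too
    and return every minimal symptom reached, with its erroneous rule.
    The oracle is the membership test `b in expected`."""
    body, name = expl[h]
    symptoms = [b for b in body if b in expected]
    if not symptoms:
        return [(h, body, name)]
    return [m for b in symptoms for m in diagnose(b, expl, expected)]

# Expected environment: union of the two solutions listed in Example 1.
EXPECTED = {("AM", 1), ("AM", 2), ("MA", 3), ("MP", 3), ("PM", 1), ("PM", 2)}

def session():
    """Diagnosis of the symptom (AM,1) on the faulty CSP of Example 5."""
    expl = propagate(deduction_rules(conference("PM", "MP")))
    return tree_size(("AM", 1), expl), diagnose(("AM", 1), expl, EXPECTED)

if __name__ == "__main__":
    print("closure, Example 1:", sorted(closure(conference("MP", "PM"))))
    print("closure, Example 5:", sorted(closure(conference("PM", "MP"))))
    size, minimal = session()
    print("nodes in the explanation of (AM,1):", size)
    for h, body, name in minimal:
        print("minimal symptom", h, "<-", list(body), "from constraint", name)
```

With this firing order the explanation of (AM,1) has eight nodes, and both minimal symptoms, (PM,1) and
(PM,2), carry a rule that comes from the constraint PM #> MP.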
6 Conclusion

Our theoretical foundations of domain reduction have permitted to define notions of expected se- 
mantics, symptom and error. 

Explanation trees provide us with a declarative view of the computation and their tree structure 
is used to adapt algorithmic debugging [Sha82] to constraint programming. The proposed approach
consists in comparing expected semantics (what the user wants to obtain) with the actual semantics 
(the closure computed by the solver). Here, a symptom, which expresses a difference between the 
two semantics is a missing element, that is an expected element which is not in the closure. Since the 
symptom is not in the closure there exists an explanation for it (a proof of its removal). The diagnosis 
amounts to search for a minimal symptom in the explanation (rooted by the symptom), that is to 
locate the error from the symptom. The traversal of the tree is done thanks to an interaction with an 
oracle (usually the user): it consists in questions to know if an element is member of the expected 
semantics. 

It is important to note that the user does not need to understand the computation of the constraint 
solver, unlike a method based on a presentation of the trace. A declarative approach is then more 
convenient for constraint programs. Especially as the user only has a declarative knowledge of its 
problem/ program and the solver computation is too intricate to understand. 

The contribution of this paper is the full presentation of the theoretical bases of declarative de- 
bugging for constraint programming over finite domains. Now it remains to implement a declarative 
diagnoser in order to test the approach on real constraint problems. Indeed, without an implementa- 
tion, it is not possible to manage problems other than toy problems because the number of events in 
the trace becomes quickly huge (for example, magic squares 4x4: 49776 events, 8-queens: 3416 events, 
magic lists of length 7: 132552 events). So it is not possible to claim that this approach will help for 
non trivial constraint problems. But we think that this kind of diagnosis is well suited because the 
size of computations is often huge and without such a methodology an erroneous operator cannot
be located in a trace. 